In its mission to advise and assist with GDPR compliance, the CNIL has published two practical guides: the guide for the data protection officer and the guide to assist associations in their compliance.

Find out more in this blog post.


The DPO Guide: A CNIL guide to clarify the DPO missions and functions


Introduced in 2018 with the entry into force of the General Data Protection Regulation (GDPR), the Data Protection Officer (DPO) plays a central role in the governance of personal data. The DPO is the pillar and driver of your GDPR compliance.

The appointment of a DPO is mandatory for public authorities and certain private organisations whose core business involves large-scale processing of sensitive data or data that allows regular and systematic tracking of individuals.

To help answer all questions about the data protection officer, the CNIL has created this reference guide.

This guide is organised in four parts:

  • The role of the DPO
  • The appointment of the DPO
  • The exercise of the DPO’s function
  • Support for the DPO by the CNIL

Each theme is illustrated by concrete cases and answers to frequently asked questions, as well as practical tools such as the DPO’s mission letter template.


Here is the link to download the guide in French:



The Associations guide: A CNIL guide for the GDPR


Most associations collect a lot of information, sometimes sensitive, concerning various audiences (their members, people they support, their employees, volunteers or donors).

In order to comply with the GDPR, these organisations may have to review and develop their working methods. 

To help and support them in their GDPR compliance path, the CNIL has developed a guide to raise awareness of the General Data Protection Regulation.

The objectives of the guide are to recall the main concepts to be known, the main principles to be respected, and to propose an adapted action plan.

The associations’ guide includes four key chapters

  • A presentation of the main concepts to be known
  • A presentation of the main principles to be respected
  • An action plan presenting the main stages of compliance
  • Frequently asked questions.

Each chapter is illustrated by practical examples, which make it easier for associations in different sectors (sport, social and medico-social, politics, etc.) to understand the main principles of data protection.

Here is the link to download the guide in French: